March 8, 2007, 12:00 AM

Massachusetts bill puts merchants on the security hot seat

A state bill in Massachusetts proposes to make merchants liable for the full cost of replacing payment cards if their networks get hacked.

While credit card companies and consumers exert more pressure on merchants to protect financial records stored in computer networks, a bill recently introduced in the Massachusetts state legislature proposes to make merchants liable for the full cost of replacing payment cards if their networks get hacked.

“If retailers know they’ll be held liable, they’ll be more likely to secure customer data,” says Adam Martignetti, chief of staff for Rep. Michael Costello, who has submitted House Bill 213, “An Act Relative to Enhancing the Confidentiality and Protection of Certain Consumer Information.” The first legislation of its kind, the bill has been generating interest from other states and from federal legislators, he adds.

The bill was introduced shortly before TJX Companies Inc. reported in January that criminals had broken into its computer systems in 2005 and 2006 and stolen customer information from a network that handles credit card, debit card, check and merchandise-returns transactions. The bill, intended to force retailers to abide more closely by industry security standards, complements other efforts by the credit card companies, which recently increased their fines up to $25,000 a month for large merchants who don’t comply with the payment card industry data security standards. Those standards comprise 12 general requirements for such actions as assuring that networks have updated security patches from software vendors, not storing sensitive customer data, and deploying software applications that encrypt the customer data that they do store in databases.

Pressure on merchants is also increasing from consumer awareness of the vulnerability of data. In a recent survey of 2,000 consumers by the Chief Marketing Officers Council, 40% of respondents said they had aborted a planned purchase either online or in a store because of concerns about the security of their personal data. In the same survey, 50% of respondents indicated they would avoid buying from a company whose customer databases had been hacked.
